SimplePHPscripts Simple Forum PHP 2.7 URL Parameter /preview.php cross site scripting
A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was released 07/07/2023. The identification of this vulnerability is CVE-2023-3539. The attack may be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.